Click here to load reader
Upload
sebastian-montini
View
151
Download
0
Embed Size (px)
Citation preview
Ansible 202
(because i hate odd numbers)
$whoami
● DevOps Engineer @ Jampp
● Whisky enthusiast
● Amateur golfer
● Nardoz’s newbie
@sebamontini
What is Ansible?
Ansible is a very simple (yet powerful) automation engine.
● Simple: Ansible uses a clear (readable) YAML sintax.
● Fast: easy to learn, easy to setup.
● Efficient: No agent on you servers.
● Secure: No open ports on your firewalls (SSH).
@sebamontini
Glosary
Inventory: Lists of Hosts, Variables and Groups.
Modules: The units of work that Ansible ships out to remote hosts.
Facts: Things that are discovered about remote nodes.
Playbooks: List of plays (mapping of hosts and tasks).
Tasks: set of actions (module+args) to be executed.
@sebamontini
Tags
@sebamontini
---tasks: - yum: name={{ item }} state=installed with_items: - httpd - memcached tags: - packages
- template: src=templates/src.j2 dest=/etc/foo.conf tags: - config
- deploy
$ansible-playbook myapp.yml --tags config,deploy
Roles
@sebamontini
roles/
myRole/ # this hierarchy represents a "role"
tasks/ #
main.yml # <-- tasks file can include smaller files if warranted
handlers/ #
main.yml # <-- handlers file
templates/ # <-- files for use with the template resource
ntp.conf.j2 # <------- templates end in .j2
files/ #
bar.txt # <-- files for use with the copy resource
foo.sh # <-- script files for use with the script resource
vars/ #
main.yml # <-- variables associated with this role
defaults/ #
main.yml # <-- default lower priority variables for this role
meta/ #
main.yml # <-- role dependencies
Ansible Galaxy
@sebamontini
$ansible-galaxy install -r requirements.yml---- src: torian.python name: python path: roles-galaxy/ version: 1.0.0
- src: bennojoy.memcached name: memcached path: roles-galaxy
- src: https://github.com/torian/ansible-role-phantomjs name: phantomjs path: roles-galaxy/
ansible.cfg
[defaults]
inventory = inventory/ec2.py
roles_path = roles:roles-galaxy
retry_files_enabled = True
retry_files_save_path = .ansible-retry
$ansible-playbook <playbook.yml> -l @<playbook>.retry
@sebamontini
ansible-vault
Vault is a feature of ansible that allows keeping sensitive data such as passwords or keys in encrypted files.
roles/aliens
├── tasks
│ └── main.yml
└── vars
└── spoilers.yml
$ ansible-playbook playbooks/movies.yml --vault-password-file ~/.vault_pass.txt
@sebamontini
---
- include_vars: spoilers.yml
- name: Put the spoiler in the tmp directory.
copy:
content="{{spoiler_text}}"
dest=/tmp/spoiler_text.txt
$ ansible-vault encrypt roles/aliens/vars/spoilers.yml --vault-password-file ~/.vault_pass.txt
$cat playbooks/movies.yml
---- hosts: all roles: - { role: aliens }
We’re hiring !
http://jampp.com/jobs.php
@sebamontini